When the government was able to unlock the San Bernardino shooter’s iPhone, they backed off of their demands that Apple assist with the breaking into the device. They did not, however, provide Apple with details into how they were able to unlock the iPhone. In my opinion, and apparently the opinion of the Associated Press, Gannett Satellite Information Network (”USA TODAY”), and Vice Media, this is a disservice to the millions of taxpayers that use iOS devices. These organizations are suing the FBI for not disclosing how they were able to break into the phone. This leaves potentially millions of iOS devices exposed to the vulnerability that allowed the FBI to obtain access to a locked iPhone.
The NIST Cybersecurity Framework, a government published set of standards, encourages information sharing about vulnerabilities and threats between private and public organizations. I am a strong advocate of this principal because as companies work together to share information to protect against cyber threats, the benefits of increased security extends beyond the walls of the organization that identified the cyber threat. It also helps us to collectively solve for vulnerabilities that are identified and shared.
In this case, however the FBI appears to be withholding information about the vulnerability for their own benefit. If they publicly share the method in which they were able to unlock the device (or even privately with Apple), the folks in Cupertino will almost certainly address the security flaw immediately.
There is a fine balance between strong security and enabling our law enforcement to investigate, however I am not in favor of providing back doors to law enforcement and withholding security flaws that leave millions exposed.
Article links:
https://www.cnet.com/news/fbi-sued-over-apple-iphone-hack-by-vice-ap-gannett/
https://www.documentcloud.org/documents/3109606-16-Cv-1850-Dkt-No-1-Complaint.html
I was reading this article earlier this week and thanks for providing the link to the case. I too disagree with the FBI stance on withholding such a critical vulnerability to the iPhone. Just like Apple has stated in it’s argument prior to the FBI obtaining access to the iPhone, the FBI now has a tool that would be able to access over 100 million IPhone users by circumventing legal processes. The security and privacy of it’s users is no compromised, even if the intention of the third-party was in public interest.
Hi Jason,
It’s a shame really that the FBI refuse to cooperate and share details of the flaw with Apple. This is a disservice to the millions of iPhone users. I wonder if they had to sign some sort of disclosure not to provide details to Apple if they agreed to use this hack. Whatever the case might be, refusing to share this information does nothing but potentially hurt the millions of innocent people that use the iPhone.
We talked about this in last years class for quite a while. It is my recollection that the FBI paid for a service, and was claiming that they did not have the technique themselves. It is a little slight of hand, but probably gives them enough of an excuse to not disclose what they do not “know”.
Wade
Hello class- I agree with all of you and I think that our government agencies should disclaim all the tools available to them and make things transparent to the public.
Some of the other tools available to them, like Black Widow, and RedSeal are so dangerous in the wrong hands, but who polices those who use tools for the wrong purpose in those government agencies?